The German Federal Intelligence Service (BND) has been trying to hamper its own oversight, the country’s data protection commissioner said in a leaked report, which also unveiled excessive and systematic violations of citizens’ rights by the spy agency.

The paper examined how the BND data collection center in the southeastern city of Bad Aibling monitored the telecommunications data of German citizens. The 60-page report was initially obtained by NDR and WDR media outlets and was also posted online by the netzpolitik.org website.

In the leaked document, dating back to March 2016, Federal Data Protection Commissioner Andrea Vosshoff claimed the BND clearly hampered her attempts to investigate the agency’s work.

“The BND has illegally and massively restricted my supervision authority on several occasions. A comprehensive and efficient control was not possible […] these are grave legal infringements,” Vosshoff stated.

She noted that the intelligence service specifically impeded on her attempts to investigate so-called ‘selector’ lists of keywords used by BND to search for and identify information relevant to a certain case from databases and data flows. These include phone numbers, emails, chats, content from public social media, messages in web forums, geographic coordinates, keywords etc.

According to Vosshoff, who is responsible for monitoring the activities of government agencies with respect to citizen’s rights on personal information, the “BND has collected personal data without a legal basis und has processed it systematically.”

The commissioner pinpointed 18 severe legal violations and filed 12 formal complaints in seven fields of the service’s activity, detailing attempts to block her inquiries as one of them. Vosshoff went on to say in her report that despite BND’s claims that the “information is essential” it cannot “substitute a missing legal basis”.

The facility in Bad Aibling and the “selectors” scandal made headlines back in 2015, when it became apparent that BND had been spying on European politicians and companies for America’s NSA (National Security Agency) for over a decade. In exchange for data sharing, BND took the lists from the NSA and added them to their own monitoring system.

While German intelligence never checked the content of the lists, it was only after Edward Snowden’s revelations in 2013, that an investigation into was launched. Further probes revealed that 40,000 selectors actually violated German and western European interests.

In the wake of the scandal then-chief of BND Gerhard Schindler was removed from his post in spring this year.

In her report Vosshoff also criticized BND’s use of the NSA search tool known as “XKeyscore.” The tool scouts the information not only of a person investigated, but also of numerous others, who “are not related” to the case, the commissioner argued.

Following the leak, the German MP from the Green party Konstantin von Notz, who is also the head of the parliamentary committee on the NSA, praised the findings. The MP stated that BND’s actions “with regard to the highly sensitive issue of privacy have obviously been unlawful.”

Meanwhile Martina Renner from the leftist Die Linke party called the findings “terrifying.”

While the BND-outpost in Bad Aibling became the target of the latest investigation, the German Die Zeit writes that several more similar data processing services are located in Schöningen (Lower Saxony), Rheinhausen and Gablingen (Bavaria). The compounds are collecting metadata from all over the world amounting to some 220 million data points a day.